News News Topic: Computing

Voir en

français

Computer Security: Linux: Windows revisited

Linux and MacOS folks: do as the Windows people do. Be diligent when receiving unsolicited e-mails with weird attachments

|

By Computer Security team

In the past, “infections” were usually only a matter for PCs and laptops running Microsoft’s Windows operating systems. Windows users should (and, at CERN, must!) apply due diligence to protect their system by, for example, safe browsing and avoiding opening attachments from dubious sources (“Stop – Think – Don’t click”). Users of Linux or MacOS operating systems were thought to be less prone to such kinds of infections… but that is plain wrong.

Computer viruses usually exploit weaknesses and vulnerabilities in the underlying operating system. As the erstwhile market leader, Windows was the number one choice for cyber-attackers due to its large market share. The success rate in infecting Windows PCs was very high. But this has changed in two ways. First of all, MacOS has become very popular too, and cyber-attackers now also target devices running MacOS and iOS – as well as Android tablets and smartphones. Secondly, attackers are focusing less and less on the weaknesses of the operating system, but are increasingly looking into the vulnerabilities of software applications. The best outcome for hackers is if these applications work on all three major operating systems (Windows, MacOS, Linux), like Adobe Reader or Mozilla Firefox. With one good vulnerability, you can exploit them all… An excellent example is the recent publication of a vulnerability in the beloved “Ghostscript” application (and subsequently in “ImageMagick” and “GraphicsMagick”): with one malicious PDF, XPS, PS or EPS document and one single unsuspecting click by the innocent user, your Linux computer is a goner. The operating system infiltrated. All files exposed. Any communication tapped. This sort of thing from our Bulletin article on “Protect your Family”. Game over, Linux.

So, Linux and MacOS folks: do as the Windows people do. Be diligent when receiving unsolicited e-mails with weird attachments (see our Bulletin article on “A free click for your awareness”). Stop and think before clicking on weird-looking web links or URLs stemming from unknown or untrustworthy sources (“Curiosity clicks the link”). And always keep your operating system and all applications up-to-date. “Yum autoupdate” is your best friend.

_________

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.

Computer Security

Related Articles

Computer Security: Swipes vs PINs vs password...

Computing
News

Computer Security: Day of the open firewall

Computing
News

Computer Security: Bingo walk-through

Computing
News
View all news

Also On Computing

IT: interactions, innovations, impact

Computing
Opinion
Enrica Porcari

CERN donates computing equipment to South Afr...

Computing
News

The next-generation triggers for CERN detecto...

Computing
News

Computer Security: Swipes vs PINs vs password...

Computing
News

World Wide Web at 35

Computing
News

Computer Security: Day of the open firewall

Computing
News

CERN rewarded for its contributions to cloud ...

Computing
News

Farewell to the Alcatel phone exchange

Computing
News

Computer Security: Bingo walk-through

Computing
News
View all news